Ontology Authoring and Linked Data Generation from Web Applications

One of the fundamental problems in the development of the semantic web is what is known as the ontology authoring. This process allows the domain expert to create ontologies and their instances by dedicated tools from relational databases and/or web applications. In this article is presented an approach that allows building OWL ontologies and RDF instances from web applications. The proposed approach starts with a reverse engineering process that aims to recover the original design from the web application source code by using program understanding techniques. Then, a forward engineering process is applied to create an OWL ontology from the recovered diagrams, based on a set of mapping rules. The proposed approach is concertized by a PHP2OWLGen tool and is evaluated with a set of web applications. The obtained results were encouraging and showed the efficiency of the proposed approach.

Download Full-text

Intellectual Property Issues and Europeana, Europe's Digital Library, Museum and Archive

Legal Information Management ◽

10.1017/s1472669610000678 ◽

2010 ◽

Vol 10 (3) ◽

pp. 174-180 ◽

Cited By ~ 8

Author(s):

Jonathan Purday

Keyword(s):

Intellectual Property ◽

European Commission ◽

Digital Library ◽

Linked Data ◽

Web Applications ◽

Source Code ◽

Public Domain ◽

Metadata Standards ◽

Code Base ◽

Rights Issues

AbstractEuropeana is the focus of a number of IPR issues. The portal provides access to three sets of assets: the Open Source code base, the authority-controlled metadata and the digitised content. Europeana has integrated metadata standards across the heritage domains and will now licence the metadata as a resource for the development of linked data and semantic web applications. The main rights issues concern the digitisation of public domain content and orphan works. Digitisation of out-of-copyright analogue material does not create new rights and the Europeana Public Domain Charter provides guidelines for the sector. An inhibitor to digitisation is the problem of orphan works, now under review by the European Commission.

Download Full-text

An Invariant-Based Approach for Detecting Attacks Against Data in Web Applications

International Journal of Secure Software Engineering ◽

10.4018/ijsse.2014010102 ◽

2014 ◽

Vol 5 (1) ◽

pp. 19-38

Author(s):

Romaric Ludinard ◽

Éric Totel ◽

Frédéric Tronel ◽

Vincent Nicomette ◽

Mohamed Kaâniche ◽

...

Keyword(s):

Intrusion Detection ◽

Intrusion Detection System ◽

Web Application ◽

Web Applications ◽

Detection System ◽

Source Code ◽

Web Attacks ◽

Application Profile ◽

The Web ◽

Ruby On Rails

RRABIDS (Ruby on Rails Anomaly Based Intrusion Detection System) is an application level intrusion detection system (IDS) for applications implemented with the Ruby on Rails framework. The goal of this intrusion detection system is to detect attacks against data in the context of web applications. This anomaly based IDS focuses on the modelling of the normal application profile using invariants. These invariants are discovered during a learning phase. Then, they are used to instrument the web application at source code level, so that a deviation from the normal profile can be detected at run-time. This paper illustrates on simple examples how the approach detects well-known categories of web attacks that involve a state violation of the application, such as SQL injections. Finally, an assessment phase is performed to evaluate the accuracy of the detection provided by the proposed approach.

Download Full-text

An Invariant-Based Approach for Detecting Attacks Against Data in Web Applications

Application Development and Design ◽

10.4018/978-1-5225-3422-8.ch045 ◽

2018 ◽

pp. 1073-1094

Author(s):

Romaric Ludinard ◽

Éric Totel ◽

Frédéric Tronel ◽

Vincent Nicomette ◽

Mohamed Kaâniche ◽

...

Keyword(s):

Intrusion Detection ◽

Intrusion Detection System ◽

Web Application ◽

Web Applications ◽

Detection System ◽

Source Code ◽

Web Attacks ◽

Application Profile ◽

The Web ◽

Ruby On Rails

Download Full-text

Comparison of Security Testing Approaches for Detection of SQL Injection Vulnerabilities

International Journal of Engineering & Technology ◽

10.14419/ijet.v7i4.1.19483 ◽

2018 ◽

Vol 7 (4.1) ◽

pp. 14

Author(s):

Najla’a Ateeq Mohammed Draib ◽

Abu Bakar Md Sultan ◽

Abdul Azim B Abd Ghani ◽

Hazura Zulzalil

Keyword(s):

Web Application ◽

Web Applications ◽

Query Language ◽

Test Case ◽

Data Generation ◽

Security Testing ◽

Sql Injection ◽

Authentication Mechanism ◽

Manipulation Language ◽

Case Data

Structured query language injection vulnerability (SQLIV) is one of the most prevalent and serious web application vulnerabilities that can be exploited by SQL injection attack (SQLIA) to gain unauthorized access to restricted data, bypass authentication mechanism, and execute unauthorized data manipulation language. Hence, testing web applications for detecting such vulnerabilities is very imperative. Recently, several security testing approaches have been proposed to detect SQL injection vulnerabilities. However, there is no up-to-date comparative study of these approaches that could be used to help security practitioners and researchers in selecting an appropriate approach for their needs.In this paper, six criteria's are identified to compare and analyze security testing approaches; vulnerability covered, testing approach, tool automation, false positive mitigation, vulnerability fixing, and test case/data generation. Using these criteria, a comparison was carried out to contrast the most prominent security testing approaches available in the literature. These criteria will aid both practitioners and researchers to select appropriate approaches according to their needs. Additionally, it will provide researchers with guidance that could help them make a preliminary decision prior to their proposal of new security testing approaches.

Download Full-text

ANALYZING AND IMPROVING WEB APPLICATION QUALITY USING DESIGN PATTERNS

INTERNATIONAL JOURNAL OF COMPUTERS & TECHNOLOGY ◽

10.24297/ijct.v2i2b.2641 ◽

2012 ◽

Vol 2 (2) ◽

pp. 112-116

Author(s):

Shikha Bhatia ◽

Mr. Harshpreet Singh

Keyword(s):

Web Application ◽

Design Pattern ◽

Design Patterns ◽

Web Applications ◽

Past Research ◽

Software Systems ◽

Interactive Software ◽

Web Based ◽

Software Application ◽

Execution Speed

With the mounting demand of web applications, a number of issues allied to its quality have came in existence. In the meadow of web applications, it is very thorny to develop high quality web applications. A design pattern is a general repeatable solution to a generally stirring problem in software design. It should be noted that design pattern is not a finished product that can be directly transformed into source code. Rather design pattern is a depiction or template that describes how to find solution of a problem that can be used in many different situations. Past research has shown that design patterns greatly improved the execution speed of a software application. Design pattern are classified as creational design patterns, structural design pattern, behavioral design pattern, etc. MVC design pattern is very productive for architecting interactive software systems and web applications. This design pattern is partition-independent, because it is expressed in terms of an interactive application running in a single address space. We will design and analyze an algorithm by using MVC approach to improve the performance of web based application. The objective of our study will be to reduce one of the major object oriented features i.e. coupling between model and view segments of web based application. The implementation for the same will be done in by using .NET framework.

Download Full-text

THE USE OF WEB APPLICATIONS FOR THE SELECTION OF CROP GROWING TECHNOLOGIES

Siberian Herald of Agricultural Science ◽

10.26898/0370-8799-2018-3-11 ◽

2018 ◽

Vol 48 (3) ◽

pp. 84-90 ◽

Cited By ~ 1

Author(s):

E. A. Lapchenko ◽

S. P. Isakova ◽

T. N. Bobrova ◽

L. A. Kolpakova

Keyword(s):

Web Application ◽

Crop Production ◽

Web Applications ◽

Weather Forecast ◽

Technical Institute ◽

Software Complex ◽

Agricultural Enterprise ◽

Weather Situation ◽

The Web ◽

Selection Of

It is shown that the application of the Internet technologies is relevant in the selection of crop production technologies and the formation of a rational composition of the machine-and-tractor fl eet taking into account the conditions and production resources of a particular agricultural enterprise. The work gives a short description of the web applications, namely “ExactFarming”, “Agrivi” and “AgCommand” that provide a possibility to select technologies and technical means of soil treatment, and their functions. “ExactFarming” allows to collect and store information about temperature, precipitation and weather forecast in certain areas, keep records of information about crops and make technological maps using expert templates. “Agrivi” allows to store and provide access to weather information in the fi elds with certain crops. It has algorithms to detect and make warnings about risks related to diseases and pests, as well as provides economic calculations of crop profi tability and crop planning. “AgCommand” allows to track the position of machinery and equipment in the fi elds and provides data on the weather situation in order to plan the use of agricultural machinery in the fi elds. The web applications presented hereabove do not show relation between the technologies applied and agro-climatic features of the farm location zone. They do not take into account the phytosanitary conditions in the previous years, or the relief and contour of the fi elds while drawing up technological maps or selecting the machine-and-tractor fl eet. Siberian Physical-Technical Institute of Agrarian Problems of Siberian Federal Scientifi c Center of AgroBioTechnologies of the Russian Academy of Sciences developed a software complex PIKAT for supporting machine agrotechnologies for production of spring wheat grain at an agricultural enterprise, on the basis of which there is a plan to develop a web application that will consider all the main factors limiting the yield of cultivated crops.

Download Full-text

A Sign of Things to Come: Predicting the Perception of Above-the-Fold Time in Web Browsing

Future Internet ◽

10.3390/fi13020050 ◽

2021 ◽

Vol 13 (2) ◽

pp. 50

Author(s):

Hamed Z. Jahromi ◽

Declan Delaney ◽

Andrew Hines

Keyword(s):

Web Application ◽

Web Applications ◽

State Of The Art ◽

Influencing Factor ◽

The State ◽

Experimental Result ◽

Web Page ◽

To Come ◽

Web Quality ◽

The Web

Content is a key influencing factor in Web Quality of Experience (QoE) estimation. A web user’s satisfaction can be influenced by how long it takes to render and visualize the visible parts of the web page in the browser. This is referred to as the Above-the-fold (ATF) time. SpeedIndex (SI) has been widely used to estimate perceived web page loading speed of ATF content and a proxy metric for Web QoE estimation. Web application developers have been actively introducing innovative interactive features, such as animated and multimedia content, aiming to capture the users’ attention and improve the functionality and utility of the web applications. However, the literature shows that, for the websites with animated content, the estimated ATF time using the state-of-the-art metrics may not accurately match completed ATF time as perceived by users. This study introduces a new metric, Plausibly Complete Time (PCT), that estimates ATF time for a user’s perception of websites with and without animations. PCT can be integrated with SI and web QoE models. The accuracy of the proposed metric is evaluated based on two publicly available datasets. The proposed metric holds a high positive Spearman’s correlation (rs=0.89) with the Perceived ATF reported by the users for websites with and without animated content. This study demonstrates that using PCT as a KPI in QoE estimation models can improve the robustness of QoE estimation in comparison to using the state-of-the-art ATF time metric. Furthermore, experimental result showed that the estimation of SI using PCT improves the robustness of SI for websites with animated content. The PCT estimation allows web application designers to identify where poor design has significantly increased ATF time and refactor their implementation before it impacts end-user experience.

Download Full-text

A Mobile and Web Application for Mapping Disaster Volunteers’ Position in Indonesia

International Journal of Interactive Mobile Technologies (iJIM) ◽

10.3991/ijim.v11i3.6477 ◽

2017 ◽

Vol 11 (3) ◽

pp. 98 ◽

Cited By ~ 1

Author(s):

Theresia Devi Indriasari ◽

Kusworo Anindito ◽

Eddy Julianto ◽

Bertha Laroha Paraya Pangaribuan

Keyword(s):

Disaster Management ◽

Web Application ◽

Web Applications ◽

Management Service ◽

Tectonic Plates ◽

Location Data ◽

Before And After ◽

Disaster Situation ◽

The Government ◽

To Receive

<span>Indonesia is a country located on top of some tectonic plates that bring potential natural disasters. Disaster management system is considered essential in controlling the situation in the site both before and after the disaster takes place. In disaster situation, the government and society are involved in a volunteer team in order to help minimize victims and support survivors. However, the volunteering activities are often hindered since there are problems in the disaster site. One of the problems is late responses due to poor coordination among volunteers that drives the delay in disaster relief. Therefore, it is necessary to have an application that maps the positions of volunteers in a disaster site, so that the disaster management coordinator can disseminate volunteers to disaster areas based on needs. The purpose of the study is to propose an application called ‘MyMapVolunteers’ that effectively and efficiently detects the position of the volunteers in order to improve disaster management service. In this case, real time and location based service technology will able to detect the position of each volunteer. ‘MyMapVolunteers’ is composed of two platforms, which are mobile and web applications. Mobile platform is an application that uses GPS function provided by the smartphone to find the volunteers’ location coordinates and then send the data of the location automatically and manually. The web platform is used to receive volunteers’ location data and to present them in google map, therefore disaster management coordinator can monitor the positions of and search for volunteers faster.</span>

Download Full-text

Preventive Measures for Cross Site Request Forgery Attacks on Web-based Applications

International Journal of Engineering & Technology ◽

10.14419/ijet.v7i4.15.21434 ◽

2018 ◽

Vol 7 (4.15) ◽

pp. 130

Author(s):

Emil Semastin ◽

Sami Azam ◽

Bharanidharan Shanmugam ◽

Krishnan Kannoorpatti ◽

Mirjam Jonokman ◽

...

Keyword(s):

Web Application ◽

Web Applications ◽

Operating Cycle ◽

Web Application Security ◽

Web Based ◽

Business World ◽

Application Security ◽

Server Side ◽

Combined Solution ◽

Cross Site Request Forgery

Today’s contemporary business world has incorporated Web Services and Web Applications in its core of operating cycle nowadays and security plays a major role in the amalgamation of such services and applications with the business needs worldwide. OWASP (Open Web Application Security Project) states that the effectiveness of security mechanisms in a Web Application can be estimated by evaluating the degree of vulnerability against any of the nominated top ten vulnerabilities, nominated by the OWASP. This paper sheds light on a number of existing tools that can be used to test for the CSRF vulnerability. The main objective of the research is to identify the available solutions to prevent CSRF attacks. By analyzing the techniques employed in each of the solutions, the optimal tool can be identified. Tests against the exploitation of the vulnerabilities were conducted after implementing the solutions into the web application to check the efficacy of each of the solutions. The research also proposes a combined solution that integrates the passing of an unpredictable token through a hidden field and validating it on the server side with the passing of token through URL.

Download Full-text

VeRA: Verifying RBAC and Authorization Constraints Models of Web Applications

International Journal of Software Engineering and Knowledge Engineering ◽

10.1142/s0218194021500182 ◽

2021 ◽

Vol 31 (05) ◽

pp. 655-675

Author(s):

Thanh-Nhan Luong ◽

Hanh-Phuc Nguyen ◽

Ninh-Thuan Truong

Keyword(s):

Access Control ◽

Programming Languages ◽

Web Application ◽

Web Applications ◽

Implementation Process ◽

Record Management ◽

Role Based Access Control ◽

Security Issue ◽

Control Policies ◽

Access Control Policies

The software security issue is being paid great attention from the software development community as security violations have emerged variously. Developers often use access control techniques to restrict some security breaches to software systems’ resources. The addition of authorization constraints to the role-based access control model increases the ability to express access rules in real-world problems. However, the complexity of combining components, libraries and programming languages during the implementation stage of web systems’ access control policies may arise potential flaws that make applications’ access control policies inconsistent with their specifications. In this paper, we introduce an approach to review the implementation of these models in web applications written by Java EE according to the MVC architecture under the support of the Spring Security framework. The approach can help developers in detecting flaws in the assignment implementation process of the models. First, the approach focuses on extracting the information about users and roles from the database of the web application. We then analyze policy configuration files to establish the access analysis tree of the application. Next, algorithms are introduced to validate the correctness of the implemented user-role and role-permission assignments in the application system. Lastly, we developed a tool called VeRA, to automatically support the verification process. The tool is also experimented with a number of access violation scenarios in the medical record management system.

Download Full-text